Fuck, are we still talking about “constant-time” in 2017? Even if they do it right, IT’S NOT ENOUGH.
-
-
-
-
Replying to @volatile_void
If I had a dollar for every allegedly constant-time primitive written in C, I could buy a nice car. You cannot claim C code to be constant time, because the C abstract machine has no model of time.
2 replies 4 retweets 9 likes -
Replying to @stephentyrone @volatile_void
You can't even claim constant-time for most assembly code unless you tie it to a specific µarchitecture, because most ISAs make no guarantee of a constant-time for the instructions you're using.
2 replies 0 retweets 0 likes -
Replying to @stephentyrone @volatile_void
pusha ; cpuid ; popa between every pair of instructions. ;-)
2 replies 0 retweets 1 like -
Jokes aside, closest you'll probably come is implementing a bytecode interpreter to make it implausible for uarch to make op times vary.
2 replies 0 retweets 0 likes -
Real solution: while (now()<start+safe_margin);
1 reply 0 retweets 0 likes -
Replying to @RichFelker @volatile_void
Vulnerable to hyperthread timing attacks.
2 replies 0 retweets 0 likes -
Replying to @stephentyrone @volatile_void
HT needs to be off to ensure reasonable local secrecy properties. I'm content to preclude remote timing leaks usually.
1 reply 0 retweets 1 like
Re: js, browser should only expose a fake clock.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.